The UK government has today announced measures to make internet-connected, IoT, devices safer to use following a rise in cyber security breaches.
Manufacturers of ‘smart’ devices will now be expected to build-in tough new security measures that last the lifetime of the product.
At the moment, security of these devices is a side issue, and passwords are easily hackable. These new measures will mean manufacturers need to make sure passwords are unique and not resettable to a factory default and that sensitive data transmitted via apps is encrypted.
>See also: The Internet of Things: The security crisis of 2018?
“Security is often an afterthought,” confirmed Graeme Wright, CTO for Manufacturing, Utilities, and Services at Fujitsu UK.
As well as the stricter guidance on passwords and enhanced encryption, the government’s Security by Design review includes”
• Device manufacturers have a point of contact so that security researchers can report issues immediately
• Software should be updated automatically with clear guidance for customers
• It should be easy for consumers to delete personal data
• Installation and maintenance should be easy for consumers
• The government estimates that every household in the UK owns at least 10 internet-connected devices – a figure that is expected to rise to 15 by 2020.
Margot James, minister for digital and the creative industries, said: “We want everyone to benefit from the huge potential of internet-connected devices, and it is important they are safe and have a positive impact on people’s lives.”
“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.”
Dr Ian Levy, from the National Cyber Security Centre, said that “We are pleased to have worked with DCMS on this vital review, and hope its legacy will be a government ‘kitemark’ clearly explaining the security promises and effective lifespan of products.”
>See also: It’s time to take IoT security seriously
However, these guidelines are not binding, which begs the question – will they even be implemented by manufacturers who some deem irresponsible?
“Today’s call by the government is welcomed, but they must set the standards for developing security practices for IoT devices,” explained David Emm, principal security researcher at Kaspersky Lab. We’ve all come to expect that everyday objects – from children’s toys to furniture – come with certification marks indicating that they are physically safe, but developers of smart devices do little to secure them, rarely release firmware updates, and don’t explain to users that they should change their passwords. Software should be updated automatically with clear guidance for customers.”
Moving forward ,Julian David, CEO of TechUK said that this project represents the start of a security revolution when it comes to IoT devices. “Industry has been keen to engage in the review and demonstrate what is best practice. It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT.”